The software has an option (disabled by default) that allows to run aweb server for providing an updated screenshot of the program.This built-in web server is affected by a classical directorytraversal attack through the usage of more than two dots.